## https://sploitus.com/exploit?id=7030A9DA-EAD0-589C-BA80-9DF1BBF37F0A
# CVE-2022-26809

Detects attempted and successful exploitation of
[CVE-2022-26809](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809),
a remote code execution vulnerability over DCE/RPC. This package is described in
detail in [this Corelight blog post](https://corelight.com/blog/another-day-another-dce-rpc-rce). It generates the following
notices:

* `CVE_2022_26809::ExploitAttempt`, and
* `CVE_2022_26809::ExploitSuccess`

The first is generated when an attack is attempted, whether or not it
succeeds. The second is generated only when a successful exploit is detected and
should be investigated immediately. No new logs are generated. This package can
be installed with `zkg` using the following commands:

```
$ zkg refresh
$ zkg install cve-2022-26809
```

Corelight customers can install it by updating the CVE bundle.
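
Because the package adds no new logs, both notices arrive in Zeek's existing `notice.log`. The following triage script is an added example, not part of this package: it groups the two notice types per source/destination pair and puts confirmed successes first. It assumes JSON-formatted logs with the standard notice fields `note`, `src`, `dst` and `uid`; the sample records, the `triage` function and the priority labels are constructed for illustration.

```python
import json
from collections import defaultdict

ATTEMPT = "CVE_2022_26809::ExploitAttempt"
SUCCESS = "CVE_2022_26809::ExploitSuccess"

# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE_NOTICE_LOG = [
    '{"ts":1650000000.1,"uid":"C1","note":"CVE_2022_26809::ExploitAttempt","src":"198.51.100.7","dst":"192.0.2.10"}',
    '{"ts":1650000003.4,"uid":"C2","note":"CVE_2022_26809::ExploitAttempt","src":"198.51.100.7","dst":"192.0.2.10"}',
    '{"ts":1650000003.9,"uid":"C2","note":"CVE_2022_26809::ExploitSuccess","src":"198.51.100.7","dst":"192.0.2.10"}',
    '{"ts":1650000100.0,"uid":"C3","note":"CVE_2022_26809::ExploitAttempt","src":"203.0.113.5","dst":"192.0.2.20"}',
    '{"ts":1650000200.0,"uid":"C4","note":"SSL::Invalid_Server_Cert","src":"192.0.2.30","dst":"198.51.100.9"}',
    '{"ts":1650000300.0,"uid":"C5","note":"CVE_2022_268',  # truncated line
]


def triage(lines):
    """Summarise CVE-2022-26809 notices per (src, dst) pair, successes first."""
    pairs = defaultdict(lambda: {"attempts": 0, "successes": 0, "uids": set()})
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting
        if not isinstance(rec, dict) or rec.get("note") not in (ATTEMPT, SUCCESS):
            continue  # unrelated notice types are ignored
        entry = pairs[(rec.get("src"), rec.get("dst"))]
        entry["successes" if rec["note"] == SUCCESS else "attempts"] += 1
        if rec.get("uid"):
            entry["uids"].add(rec["uid"])  # uid pivots into conn.log / dce_rpc.log

    report = [
        {
            "src": src,
            "dst": dst,
            "attempts": e["attempts"],
            "successes": e["successes"],
            "uids": sorted(e["uids"]),
            # Hypothetical labels: any success outranks any number of attempts.
            "priority": "investigate-now" if e["successes"] else "review",
        }
        for (src, dst), e in pairs.items()
    ]
    report.sort(key=lambda r: (-r["successes"], -r["attempts"]))
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_NOTICE_LOG):
        print(row)
```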